Kayos
1f1993ed97
Aldabra giant tortoise (Aldabrachelys gigantea) — endemic to the
Aldabra atoll, up to 250 kg, 150-year lifespan. Long-lived,
defended, slow but unstoppable. Better metaphor for the wallet
than 'sulkta-wallet' which was on-the-tin descriptive.
All renames in one pass:
- repo: Sulkta-Coop/sulkta-wallet → Sulkta-Coop/aldabra (via gitea API)
- workspace dir: sulkta-wallet → aldabra
- crate dirs: wallet-{core,chain,mcp} → aldabra-{core,chain,mcp}
- crate names + path imports in Cargo.toml workspace + each crate
- binary name: sulkta-wallet → aldabra
- README, ROADMAP, docs/architecture: all references swept
97 lines
4.1 KiB
Markdown
97 lines
4.1 KiB
Markdown
# aldabra roadmap
|
|
|
|
Phased buildout. Each phase ships a usable increment + leaves the
|
|
codebase in a state where Phase N+1 picks up cleanly.
|
|
|
|
## Phase 1 — MVP read path (current scaffold)
|
|
|
|
**Goal:** address + balance + UTXOs from a real mnemonic, working
|
|
end-to-end through the MCP transport.
|
|
|
|
- [x] Cargo workspace
|
|
- [x] Crate skeletons: `aldabra-core`, `aldabra-chain`, `aldabra-mcp`
|
|
- [x] Type stubs + ZeroizeOnDrop scaffolding for keys
|
|
- [ ] `aldabra-core::Mnemonic::into_root_key` — real CIP-3 derivation via `pallas-crypto`
|
|
- [ ] `aldabra-core::derive_base_address` — real CIP-1852 + bech32
|
|
- [ ] `aldabra-chain::KoiosClient::get_utxos` — real `reqwest` to `/address_utxos`
|
|
- [ ] `aldabra-chain::KoiosClient::get_balance`
|
|
- [ ] Interactive mnemonic bootstrap CLI: paste once, age-encrypt to disk
|
|
- [ ] On-startup decryption — single passphrase prompt, derived key in
|
|
RAM only
|
|
- [ ] Wire MCP server (rmcp) — register `wallet.address`,
|
|
`wallet.balance`, `wallet.utxos` tools
|
|
- [ ] Smoke test against testnet (preprod)
|
|
|
|
**Done = `claude` can invoke `wallet.address` and get the right
|
|
preprod address back; `wallet.balance` returns matching numbers from
|
|
a Koios query.**
|
|
|
|
## Phase 2 — write path (send)
|
|
|
|
**Goal:** the wallet can spend.
|
|
|
|
- [ ] `aldabra-chain::ChainBackend::submit_tx` — POST CBOR to Koios `/submittx`
|
|
- [ ] `aldabra-chain::tx_status` — poll `/tx_info`
|
|
- [ ] Build + sign ADA-only payment via `pallas-txbuilder`
|
|
- [ ] MCP tool `wallet.send` with `to_address`, `lovelace` args
|
|
- [ ] MCP tool `wallet.tx_status` with `tx_hash` arg
|
|
- [ ] Add native-asset send (multi-asset value bundle)
|
|
- [ ] Add `wallet.send.sign_only` for offline / multisig flows
|
|
- [ ] Hard guard: reject outbound TXs over $X equivalent unless flag set
|
|
(preventable LLM mistake)
|
|
|
|
**Done = the wallet successfully sends 1 tADA on preprod, then 1 ADA
|
|
on mainnet to a known test address, both initiated via an MCP tool
|
|
call from Claude Code.**
|
|
|
|
## Phase 3 — minting
|
|
|
|
**Goal:** wallet can mint Sulkta native assets.
|
|
|
|
- [ ] Policy script construction — pure-timelock + multisig variants
|
|
- [ ] CIP-25 metadata serialization (legacy 721 metadatum)
|
|
- [ ] CIP-68 ref-NFT pattern (300/100/333 standards)
|
|
- [ ] MCP tool `wallet.policy.create` — returns `policy_id` + serialized script
|
|
- [ ] MCP tool `wallet.mint` — args: `policy`, `assets`, `metadata`
|
|
- [ ] Integration with the MAP treasury minting pattern (2-of-2 multisig)
|
|
|
|
**Done = the wallet can mint a test asset on preprod with both CIP-25
|
|
and CIP-68 metadata, queryable via Koios `/asset_info`.**
|
|
|
|
## Phase 4 — Plutus interaction
|
|
|
|
**Goal:** consume Plutus-locked UTXOs, attach reference scripts, delegate stake.
|
|
|
|
- [ ] Inline datum support
|
|
- [ ] Reference input attachment
|
|
- [ ] `wallet.script.spend` — args: `utxo_ref`, `redeemer_cbor`,
|
|
`script_cbor` or reference, `additional_signers`
|
|
- [ ] Script execution unit estimation (call out to a local cardano-cli
|
|
or a reasonable approximation)
|
|
- [ ] Stake key derivation (chain index 2)
|
|
- [ ] `wallet.stake.delegate` — args: `pool_id`, optional drep_id (Voltaire era)
|
|
- [ ] Drep voting tools if Cobb cares (separate ask)
|
|
|
|
**Done = the wallet successfully spends a UTXO locked by a trivial
|
|
Plutus validator (e.g. "always succeeds") on preprod.**
|
|
|
|
## Out-of-scope (deliberately)
|
|
|
|
- **Hot-key signing for high-value mainnet** — for any tx over a
|
|
per-config threshold, the wallet should write the unsigned TX to a
|
|
file and require a separate cold-signing flow (mirrors the
|
|
ADAMaps treasury pattern at `memory/MEMORY.md` ADAMaps section).
|
|
- **Smart contract deployment / Plutus compilation** — that's an Aiken
|
|
/ plutus-tx job. This wallet only consumes pre-compiled scripts.
|
|
- **Browser / Web UI** — pure MCP-as-the-interface. Humans interact
|
|
via the LLM client.
|
|
- **Multiple wallets in one daemon** — instance-per-wallet by design.
|
|
Run multiple binaries if needed.
|
|
|
|
## Performance / size targets (informal)
|
|
|
|
- Cold-start time: < 200 ms (mnemonic decrypt + key derive)
|
|
- Per-tool latency: dominated by chain backend (Koios round-trip
|
|
~50-200 ms); the wallet itself should add < 10 ms
|
|
- Binary size: < 30 MB stripped release
|
|
- Memory: < 50 MB RSS steady-state
|